800 US, UK sites defaced as protesters wage Net war

Protesters and patriotic hackers alike are defacing hundreds of US and UK corporate and govt sites.

As bombs continue to fall in Iraq, protesters and patriotic hackers alike have stepped up their war of words on the Internet, defacing hundreds of US and UK corporate and government Web sites, a security expert said.

"We've had reports of 800 defacements on Friday, which is ten times more than a week ago, which tells me groups are increasingly turning to the Internet to protest," said Mikko Hypponen, manager of Finnish anti-virus software firm F-Secure.

The messages run the gamut, ranging from words of support for American and British troops to anger over the military campaign. Victims vary from a US Navy Web site to the homepage for UK industrial products distributor Routeco, www.routeco.com.

According to pictures captured on F-Secure's Web site, the Routeco home page carried a photo of protestors burning an American flag. Underneath the image, a message read: "Ohh YeaH BabY...Ur SiTe Has BeeN DeFaceD".

The Web site was back to normal by mid-day Thursday, a computer consultant for Routeco told Reuters.

The site www.seabornes.com, was also hit by war protesters, quoting the Koran. It also issued the ominous warning: "It's The New Era of Cyber War We Promised!"

Groups with a strong political bent increasingly have been using Web site defacement and crude hacking techniques as methods of protest.

Like graffiti, defaced Web sites are considered little more than a nuisance. The message tends to get wide exposure, but the damage to the victim is minimal. Web site operators typically have the site restored within a matter of hours.

"This is the work of individual groups. We haven't seen any signs of state-sponsored network (intrusions)," Hypponen said.

Hypponen said security firms have been staffing up to handle the more damaging potential cyber attacks: email-based worms or viruses.

A new e-mail worm, dubbed Ganda-A, surfaced this week in Europe, purporting to show screensavers of U.S. spy satellite pictures of Iraq or animations that are either patriotic or that mock President Bush.

The worm spreads by sending itself to e-mail addresses on an infected machine and tries to disable anti-virus and other security software and infect certain files on the hard disk.

Hypponen said the worm was petering out on Friday. Still, his team remains on the ready.